Threat Intelligence: Buy snake oil and you’ll get bitten
It seems US cybersecurity firm Norse Corp. might have been better named Loki, after the renowned trickster god of Scandinavian mythology. The firm’s original sales pitch sounded great, offering a “global ‘dark intelligence’ platform, to defend against today’s advanced threats”. Flashy infographics showed attack trends circulating the globe, with Norse claiming to be able to track patterns in near real-time. Riding a wave of publicity, the firm began hoovering up talent from across the cybersecurity industry and holding lavish parties at major conferences. Clearly, this was a business going somewhere.
Unfortunately, that somewhere turned out to be the drain. Norse is now in dire straits – its CEO has stepped down and it’s laying off employees – after accusations that it invented attack data and sold product capabilities it simply didn’t have. Although Norse, which reportedly has more than eight million online ‘sensors’ worldwide, certainly gathered a huge volume of data, it appears the firm couldn’t provide actionable and relevant security insights to its customers.
When Intelligence isn’t so smart
A tsunami of raw data is the opposite of Threat Intelligence; at best, it’s Threat Information. What’s actually needed is focused, relevant and actionable insights into the threats that matter. That’s why we developed our Threat Advisory Service, delivering easy-to-understand Intelligence that’s carefully tailored to each customer’s specific industry, IT estate and security posture. Our expert analysts constantly monitor evolving risks to sift out the one threat in ten thousand that poses a real and present danger to a customer’s business. We then outline what a threat affects, its severity and how customers should respond in an easy-to-digest visual report – allowing them to take the right actions, on the right risks, before there’s any business impact. Of course, creating this kind of focused Threat Intelligence is far from easy – as we found out during the painstaking development of A Greater Intelligence. Expert people, robust processes and advanced Big Data analytics must all combine to deliver useful, contextualised insights in real-time.
The perils of snake oil
Back at Norse Corp., Mary Landesman – who was the firm’s senior data scientist – had the following to say: “I think this is a scam…they’re trying to draw this out and tap into whatever…buzzwords du jour there are, and have a product that’s going to meet that and suck in new investors”.
Similarly, expert security commentator Brian Krebs called Norse’s data “not especially sophisticated or uncommon”. Meanwhile, the firm’s analysis process seems vague at best, with one former employee worrying that “they were finding what they wanted to find in the data”. There’s an important lesson here. Whether you’re paying for a quarterly security analyst report or a real-time feed of emerging threats, the information won’t be valuable unless it takes into account the context of your business – the assets you need to protect, the systems you use and the vulnerabilities you have.
Generic Threat Intelligence can’t help because you don’t need detailed information on every threat – you need to home in on the tiny percentage of threats that matter to you. Only then can Threat Intelligence become truly actionable. When you combine insights into your day-to-day network behaviour with Threat Intelligence from the outside world, you can finally build a strategic picture of your security.
With contextualised, actionable security insights it really does become possible to fix vulnerabilities proactively, spot dangers on the horizon, detect attacks before they impact, resolve incidents more quickly and prevent them from reoccurring. Meanwhile, with an understanding of how attackers think, behave and select targets, businesses can make far more of existing security budgets and focus scarce resources where they’re needed most.
As such, data-driven security holds the key to meeting today’s most urgent challenges – from multiplying threats and more sophisticated threat actors, to the expanding attack surface and skyrocketing IT complexity. It empowers businesses to make better informed decisions and pre-emptively defend against the most important threats. So, the next time you’re considering a Threat Feed, think about the expert manpower and cutting-edge analytics needed to turn that raw data into actionable, relevant intelligence – and ask yourself if a service that delivers everything seamlessly might not be a better investment.
Ultimately, if you’re being offered Threat Intelligence that doesn’t take into account the context of your business, it might be best to refuse the snake oil before you’re bitten.